#!/bin/bash
# Author: pblaas ([email protected])
# Initial version 04-2017
# This script is used to generate Kubernetes cloud-init files for CoreOS.
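# Load the cluster settings. config.env is executed as shell code by the "."
# below, so it should be writable only by the operator who runs this script.
if [ ! -f config.env ]; then
  echo config.env not found. >&2
  echo cp config.env.sample to config.env to get started. >&2
  exit 1
fi
# The "./" prefix is deliberate: for a name without a slash bash searches
# $PATH before the current directory, so a file called config.env in any PATH
# directory would be sourced instead of the one that was just checked.
. ./config.env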
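# $1 carries the node address(es). Only $1 is read by the loops in this
# script, so several addresses must be passed as ONE quoted, space-separated
# argument. The test is quoted because an unquoted multi-word $1 makes "["
# fail with "too many arguments" instead of evaluating the check.
if [ -z "${1:-}" ]; then
  echo You need to provide one or more ip adresses. >&2
  echo e.g "$0" 192.168.10.12 >&2
  exit 1
fi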
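# Work inside ./set: the CA files (ca.pem, ca-key.pem, etcd-ca*.pem) are read
# from there and every generated file is written there. Stop if the directory
# is missing rather than creating private keys in the caller's directory.
cd set || { echo "cannot cd to set" >&2; exit 1; }

# New files created from here on (private keys, node cloud-init files) hold
# key material or a password hash: keep them readable by the owner only.
umask 077

# Random salt for the SHA-512 crypt hash ("$6$"). 12 random bytes encode to 16
# base64 characters; '+' is outside the crypt(3) salt alphabet [a-zA-Z0-9./],
# so it is mapped to '.'.
CUSTOMSALT=$(openssl rand -base64 12 | tr '+' '.')

# Hash the core user's password. Password and salt reach perl through the
# environment instead of being pasted into the perl program text: a password
# containing a single quote would otherwise terminate the perl string literal
# (the remainder being parsed as perl code), and the clear-text password would
# sit in perl's argument list where a process listing shows it.
HASHED_USER_CORE_PASSWORD=$(
  CRYPT_PASSWORD="$USER_CORE_PASSWORD" CRYPT_SALT="$CUSTOMSALT" \
    perl -le 'print crypt($ENV{CRYPT_PASSWORD}, "\$6\$" . $ENV{CRYPT_SALT})'
)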
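#create worker certs
# For every address in $1: generate a 2048-bit RSA key, build a CSR and have it
# signed by the cluster CA (ca.pem / ca-key.pem) for 365 days. Each openssl
# step aborts the script on failure so that a missing CA key or template does
# not leave a half-made key pair that later stages would embed as empty data.
# $1 is left unquoted on purpose: it is split on whitespace into addresses.
for i in $1; do
  openssl genrsa -out "${i}-worker-key.pem" 2048 || exit 1

  # Certificate identity: on OpenStack the name is built from the cluster name
  # and the last octet of the address, otherwise the address itself is used.
  if [ "$CLOUD_PROVIDER" = "openstack" ]; then
    CERTID=k8s-${CLUSTERNAME}-node${i##*.}
  else
    CERTID=${i}
  fi

  # WORKER_IP is exported to openssl only; presumably worker-openssl.cnf reads
  # it for the subjectAltName (verify against the template).
  # The subject puts the node in group system:nodes as system:node:<CERTID>.
  WORKER_IP=${i} openssl req -new -key "${i}-worker-key.pem" \
    -out "${i}-worker.csr" \
    -subj "/CN=system:node:${CERTID}/O=system:nodes" \
    -config ../template/worker-openssl.cnf || exit 1

  WORKER_IP=${i} openssl x509 -req -in "${i}-worker.csr" \
    -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
    -out "${i}-worker.pem" -days 365 \
    -extensions v3_req -extfile ../template/worker-openssl.cnf || exit 1
done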
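# etcd certificates for every address in $1: a 2048-bit RSA key, a CSR with the
# address as CN, and a certificate signed by the etcd CA (etcd-ca.pem /
# etcd-ca-key.pem) for 365 days. A failing openssl step aborts the script so
# that no incomplete key pair is picked up by the later stages.
# $1 is left unquoted on purpose: it is split on whitespace into addresses.
for i in $1; do
  openssl genrsa -out "${i}-etcd-worker-key.pem" 2048 || exit 1

  # WORKER_IP is exported to openssl only; presumably worker-openssl.cnf reads
  # it for the subjectAltName (verify against the template).
  WORKER_IP=${i} openssl req -new -key "${i}-etcd-worker-key.pem" \
    -out "${i}-etcd-worker.csr" \
    -subj "/CN=${i}" \
    -config ../template/worker-openssl.cnf || exit 1

  WORKER_IP=${i} openssl x509 -req -in "${i}-etcd-worker.csr" \
    -CA etcd-ca.pem -CAkey etcd-ca-key.pem -CAcreateserial \
    -out "${i}-etcd-worker.pem" -days 365 \
    -extensions v3_req -extfile ../template/worker-openssl.cnf || exit 1
done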
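#gzip base64 encode files to store in the cloud init files.

# Print the gzip-compressed, base64-encoded (single line, -w0) content of the
# file named by $1. Returns non-zero instead of printing an empty string when
# the file cannot be read.
encode_pem() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  gzip -c < "$1" | base64 -w0
}

# Only the CA certificate is embedded in the node files. The CA private key
# and the apiserver key pair are deliberately not read here: nothing in this
# script uses them, and a CA signing key does not belong in a node's
# cloud-init data.
CACERT=$(encode_pem ca.pem) || exit 1

# Record each node's encoded key pairs in index.txt as KEY_<address>:<base64>.
# The values are only encoded, not encrypted, so index.txt is as sensitive as
# the private keys themselves. Entries are appended: running the script again
# for the same address adds further lines with the same keys.
# $1 is left unquoted on purpose: it is split on whitespace into addresses.
for i in $1; do
  WORKERKEY=$(encode_pem "$i-worker-key.pem") || exit 1
  WORKER=$(encode_pem "$i-worker.pem") || exit 1
  ETCDWORKERKEY=$(encode_pem "$i-etcd-worker-key.pem") || exit 1
  ETCDWORKER=$(encode_pem "$i-etcd-worker.pem") || exit 1
  {
    printf '%s\n' "WORKERKEY_$i:$WORKERKEY"
    printf '%s\n' "WORKER_$i:$WORKER"
    printf '%s\n' "ETCDWORKERKEY_$i:$ETCDWORKERKEY"
    printf '%s\n' "ETCDWORKER_$i:$ETCDWORKER"
  } >> index.txt
done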
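# CNI-related text for the NETOVERLAY_* placeholders of the worker template.
# The selector is quoted: unquoted, an empty or unset NET_OVERLAY makes "["
# print "unary operator expected" before falling through to the default.
# The values are written as sed replacement text: after shell quoting,
# "\\\\" is two backslashes (sed emits one literal backslash) and "\n" is
# kept for sed to turn into a newline. They contain commas, which is why the
# sed expressions using them need a delimiter other than ",".
case "$NET_OVERLAY" in
  calico)
    NETOVERLAY_MOUNTS="--volume cni-net,kind=host,source=/etc/cni/net.d \\\\\n --mount volume=cni-net,target=/etc/cni/net.d \\\\\n --volume cni-bin,kind=host,source=/opt/cni/bin \\\\\n --mount volume=cni-bin,target=/opt/cni/bin \\\\"
    NETOVERLAY_DIRS="ExecStartPre=/usr/bin/mkdir -p /opt/cni/bin\n ExecStartPre=/usr/bin/mkdir -p /etc/cni/net.d"
    NETOVERLAY_CNICONF="--cni-conf-dir=/etc/cni/net.d \\\\\n --cni-bin-dir=/opt/cni/bin \\\\"
    ;;
  *)
    # Any other overlay: default CNI config directory, no extra mounts/dirs.
    NETOVERLAY_CNICONF="--cni-conf-dir=/etc/kubernetes/cni/net.d \\\\"
    NETOVERLAY_MOUNTS="\\\\"
    NETOVERLAY_DIRS="\\\\"
    ;;
esac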
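#generate the worker yamls from the worker_proxy.yaml template

# Print field 2 of the newest index.txt line selected by the given grep
# arguments. "tail -n 1" keeps the result on one line when index.txt holds
# several entries for a key (entries are appended on every run); more than one
# line would otherwise put a newline into the sed expression and break it.
index_value() {
  grep "$@" index.txt | tail -n 1 | cut -d: -f2
}

# Cluster-wide values; index.txt is not modified below, so read them once.
discovery_id=$(index_value DISCOVERY_ID)
etcd_ca_cert=$(index_value -w ETCDCACERT)
cloud_conf=$(index_value -w CLOUDCONF)

# One cloud-init file per address in $1 (left unquoted on purpose: it is split
# on whitespace). node_<address>.yaml ends up containing the node's private
# keys and the core user's password hash, so handle it as a secret.
#
# NOTE(review): every value is pasted into sed replacement text unescaped. A
# value containing the expression's delimiter ("," or "@"), "&" or a backslash
# changes the expression. Base64 and crypt output cannot contain those, but
# free-text settings such as an SSH public-key comment can.
for i in $1; do
  worker_key=$(index_value -w "WORKERKEY_$i")
  worker_cert=$(index_value -w "WORKER_$i")
  etcd_worker_key=$(index_value -w "ETCDWORKERKEY_$i")
  etcd_worker_cert=$(index_value -w "ETCDWORKER_$i")

  # Refuse to emit a node file with blank key material.
  if [ -z "$worker_key" ] || [ -z "$worker_cert" ] ||
     [ -z "$etcd_worker_key" ] || [ -z "$etcd_worker_cert" ]; then
    echo "index.txt has no complete certificate data for $i" >&2
    exit 1
  fi

  # Expression order is significant and kept as is: each -e runs on the result
  # of the previous one.
  sed -e "s,WORKER_IP,$i,g" \
    -e "s,DISCOVERY_ID,${discovery_id},g" \
    -e "s,WORKER_GW,$WORKER_GW,g" \
    -e "s,DNSSERVER,$DNSSERVER,g" \
    -e "s,MASTER_HOST_IP,$MASTER_HOST_IP,g" \
    -e "s,CLUSTER_DNS,$CLUSTER_DNS,g" \
    -e "s@ETCD_ENDPOINTS_URLS@${ETCD_ENDPOINTS_URLS}@g" \
    -e "s,USER_CORE_SSHKEY1,${USER_CORE_KEY1}," \
    -e "s,USER_CORE_SSHKEY2,${USER_CORE_KEY2}," \
    -e "s,USER_CORE_PASSWORD,${HASHED_USER_CORE_PASSWORD},g" \
    -e "s,CLOUD_PROVIDER,${CLOUD_PROVIDER},g" \
    -e "s,K8S_VER,$K8S_VER,g" \
    -e "s,\<CACERT\>,$CACERT,g" \
    -e "s,\<WORKERKEY\>,${worker_key},g" \
    -e "s,\<WORKER\>,${worker_cert},g" \
    -e "s,\<ETCDCACERT\>,${etcd_ca_cert},g" \
    -e "s,\<ETCDWORKERKEY\>,${etcd_worker_key},g" \
    -e "s,\<ETCDWORKER\>,${etcd_worker_cert},g" \
    -e "s,CLOUDCONF,${cloud_conf},g" \
    -e "s,FLANNEL_VER,$FLANNEL_VER,g" \
    -e "s@NETOVERLAY_MOUNTS@${NETOVERLAY_MOUNTS}@g" \
    -e "s@NETOVERLAY_DIRS@${NETOVERLAY_DIRS}@g" \
    -e "s@NETOVERLAY_CNICONF@${NETOVERLAY_CNICONF}@g" \
    ../template/worker_proxy.yaml > "node_$i.yaml" || exit 1
  echo "Generated: node_$i.yaml"
done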
# Finish the run: print a separator line, go back to the directory the script
# was in before "cd set" ("cd -" also prints that directory), then print an
# empty line.
printf '%s\n' '-----------------------------------'
cd -
printf '\n'